Please help me unhack my father's computer

I’ve only just learned, about two months after the fact, that my father’s computer has been hacked. Details are few, but apparently he went to some “ask a pro” website to get the answer to some question, which they answered and charged him for. But then they started charging him every month, which he did not agree to. He called them, and they acted as though they were going to stop the charges. They asked some questions, and apparently he gave them control of his computer, but at a certain point he got suspicious, and cut the connection.

Previously, I had been able to access the machine myself through Remote Utilities, but they uninstalled that, so I’m flying down to try and recover what I can, or buy him a new machine if necessary.

The existing machine is a Dell desktop, at least 10 years old. He’s 92, and he only uses it for e-mail, web browsing, and writing documents with Word. His data includes the manuscripts of two books and numerous scholarly articles he’s written.

Dad reports that some or all of his data appears to be gone, but the hackers don’t seem to have asked for ransom, from what he has told me. I had set up both local and cloud backups, so with luck he won’t have lost much, unless the hackers have somehow borked the backups, too.

My plan is to power up the machine air-gapped, see if the data really is gone, look for the backups, and copy any data I find to my own laptop for safekeeping. Then I’ll inventory his apps, check for discs, license keys, etc., and try to reinstall Windows 10.

There are no doubt many pitfalls I need to avoid unless I just buy him a new machine and write off any lost data, so please share your experience and advice. At this moment I don’t have details about exactly what happened beyond what I’ve reported, but I’ll try to answer any questions, or go back to Dad with them, if necessary.

Some questions I have been pondering:

  1. Is it worth trying to locate and remove whatever malware the hackers have installed, or should I just give up on that and start with a new OS install?

  2. I believe that all or most of his data was on a separate partition from the OS. If the data still seems to be there, can I wipe only the OS partition and leave the others, or should I not trust anything on the machine, and just wipe, repartition, and reinstall everything?

  3. Could some form of malware be hidden in what seems to be his data, that would make it risky to copy the data to my machine or back to his fixed or new machine?

  4. Are there any sites, services, or software packages you recommend to help me with any part of this process?

I’m flying there Wednesday morning, and coming home Thursday evening, so I’ll have more than 24 hours to work on this. But I probably won’t be checking in here during that time. I need your replies by Tuesday evening, US Eastern time.

Thanks.

Sounds like you know more about this stuff than I do, and fortunately for me I don’t really have experience with this, but, just a thought in case you haven’t thought of it (which you probably have):

If I were in your position, I’d find out which “ask a pro” website was the purported source of the malware (assuming your dad remembers, or you can find out from his History), and google it to see if you can find out what they’ve been known to do to people, which could give you a clue as to what issues your dad’s computer might be dealing with.

Hacked computer, eh?

Just reinstall.

Well, maybe run Windows Defender, Malwarebytes, Hitman Pro to see if they detect and remove it. If they do, that’s good, because if you were hacked by pros you won’t find anything!

You say it’s just documents and e-mails and stuff; that’s not so risky (with the caveat that I’m not sure if Word sanitizes 100% of malicious macros and such, but the malware scanners really should detect that). (BTW who writes entire books using Word?)

I like Tron. It automates tons of stuff for you so you do not have to be an expert.

My dad, obviously! :grin: To be fair to him, the first was written in 1995, and Word is about as advanced as Dad ever got on computers. But I have two as-yet unpublished novels written by friends that AFAICT were composed in Word. What’s wrong with Word for a text-only manuscript?

But to get back on track,

I may try this, because this attack seems similar to a previous one Dad experienced several years ago. IIRC, on that occasion, they hadn’t actually installed anything, but this one seems a little less inept and more insidious. Fortunately, I now live in Massachusetts, so flying to Maryland is not as much of a big deal as coming back from Nevada.

Thanks for this recommendation. It looks impressive, but it seems to need a live connection to the internet, and I’d be concerned that the hackers might detect that the machine is online and interfere with it, or just continue their hacking while it runs. Am I mistaken?

I’d check your cloud data. If you’ve got the things he really wants, then I wouldn’t even boot that 10 year old infested piece of hardware. Get him something new, and set up some decent internet security software. Run a scan on the data before you bring it over, and schedule regular scans and backups. If you and he are worried about future events, set yourself as admin so he needs to check with you before installing new materials.
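One way to do the "scan the data before you bring it over" step from the reply above, as an added example that is not part of any post in the thread: a Microsoft Defender scan limited to the folder holding the recovered documents, plus a listing of files that a plain manuscript should not need (macro-capable Office formats and stray executables). The folder path is an assumption.

```powershell
# Added example (not from the thread). Run this on the machine that received the
# copied documents, before opening anything. The folder path is an assumption.
$DataCopy = 'D:\DadRecovered'

# On-demand Microsoft Defender scan restricted to the recovered folder
Start-MpScan -ScanType CustomScan -ScanPath $DataCopy

# Anything Defender has flagged under that folder
Get-MpThreatDetection |
    Where-Object { $_.Resources -match [regex]::Escape($DataCopy) } |
    Select-Object InitialDetectionTime, ThreatID, Resources

# Office formats that can carry VBA macros (.docm, .xlsm, ...) and the legacy
# binary .doc/.xls formats; a text-only manuscript has no reason to use them
$MacroCapable = '.docm', '.dotm', '.xlsm', '.xltm', '.pptm', '.doc', '.xls'
Get-ChildItem -Path $DataCopy -Recurse -File |
    Where-Object { $MacroCapable -contains $_.Extension.ToLower() } |
    Select-Object FullName, Length, LastWriteTime

# Executables, scripts and shortcuts sitting among documents are worth a look too
Get-ChildItem -Path $DataCopy -Recurse -File -Include *.exe, *.scr, *.js, *.vbs, *.lnk, *.bat, *.ps1 |
    Select-Object FullName, LastWriteTime
```

Anything the last two listings show can be opened in a viewer that does not run macros (or simply left behind) rather than copied onward.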

For the record, Word is perfectly fine for writing books. :grin:

This sounds like a great solution. It’s past time for a new device and there are some very decent ones out there that would cost less than cobbling together fixes on the old one. As a tech-daft senior I do well when an IT kid of mine can view my screen, so perhaps install that on the new device; then he can consult with you easily when there is a glitch or to check if he should ‘click’ on something. I would buy the device and have it in hand before you ever get on the plane.

Also check his bank accounts and cards for recurring charges or unauthorized charges stemming from him paying for that mystery service. Block any further charges.

It’s not the worst, it has its uses, and even remains a kind of de facto standard for document exchange. And if it works and you know how to use it then there is no real reason to change (though you might remember them changing the user interface around a few times). But, personally, by 1991 or so I figured there was no need for anything beyond a text-only editor to type in a text-only manuscript.

If they are so non-inept, I wonder why they would very dramatically erase all your files, and not for ransomware purposes? As opposed to quietly installing a backdoor that you may never have otherwise noticed?

What the Tron guys say is

I think it is worth trying following the instructions and getting your system stabilized, as they put it. Against a really professional hack, it may not be effective anyway. But it does run a bunch of anti-malware utilities, which detect known malware so it has a chance of finding stuff installed by script kiddies.

The full script takes a while to run, but not that long :slight_smile:

My mother-in-law got taken in by one of these. I ended up wiping and reinstalling from scratch. When it came time to replace her laptop, I steered her towards an iPad with a keyboard case. It suited her needs well and is essentially immune from Ransomware.

I agree with that as well. I’ve always been the ‘computer guy’ in the family. But for the past 10 years or so, when someone tells me they’ve been hacked like this, my suggestion, if they don’t have anything important stored locally, is to toss the computer and replace it. Maybe explain how they got hacked in hopes that it won’t happen again. But I’m done spending half a day at their house fixing their computer just so it can happen again in a year.

This is important too. My business insurance agent has been telling us for years about how some of these ransomware attacks will actually get installed onto your computer weeks or months before they make you aware of their presence, specifically to give things that get regularly backed up a chance to be overwritten with encrypted copies, so you lose that too. *

This too. I’ve done that on some of my computers at work. Make myself an admin (with no one else knowing the admin password), but then set up a regular user account that gives whoever is using the computer free rein to do most everything. The few things they can’t do usually just require a password to be typed in. You don’t even need to switch users.
However, if the OP goes down this route, they’ll have to keep in mind that Dad not having access to the admin account (and/or not having the password for it) may severely limit what can be done remotely.

*I wonder if it would be possible for Google Drive or any of the other cloud back up services to scan incoming data and alert the user to a potential infection before everything is overwritten.
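The admin-plus-standard-user setup described in the reply above, as an added example that is not part of any post in the thread: a separate local administrator account for the remote helper, a standard (non-admin) account for daily use, and a check that UAC is switched on. The account names, and that this is done on the freshly reinstalled Windows 10 machine, are assumptions.

```powershell
# Added example (not from the thread). Account names "DadHelper" and "Dad" are
# assumptions; run from an elevated PowerShell on the reinstalled machine.

# 1. Administrator account that only the remote helper knows the password to
$helperPass = Read-Host -AsSecureString 'Password for the DadHelper admin account'
New-LocalUser -Name 'DadHelper' -Password $helperPass -PasswordNeverExpires `
    -Description 'Remote support administrator'
Add-LocalGroupMember -Group 'Administrators' -Member 'DadHelper'

# 2. Standard account for e-mail, browsing and Word; member of Users only
$dadPass = Read-Host -AsSecureString 'Password for the Dad daily-use account'
New-LocalUser -Name 'Dad' -Password $dadPass -PasswordNeverExpires `
    -Description 'Daily use, no administrator rights'
Add-LocalGroupMember -Group 'Users' -Member 'Dad'

# 3. Confirm exactly who can approve elevation; "Dad" must not appear here
Get-LocalGroupMember -Group 'Administrators'

# 4. Confirm UAC is enabled (EnableLUA = 1). With ConsentPromptBehaviorUser = 1
#    a standard user gets a credential prompt on the secure desktop, which is
#    the prompt a remote session cannot answer for him.
$uacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
Get-ItemProperty -Path $uacKey |
    Select-Object EnableLUA, ConsentPromptBehaviorUser, ConsentPromptBehaviorAdmin
```

Installs and driver changes then happen only when someone types the DadHelper password at that prompt, which is the trade-off the reply describes.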

My son did. What would you use? I use a text editor (think emacs, although that’s not what I use) and TeX, but that’s for mathematics. But if you are writing an ordinary text, I think most people use Word. The Times had a special yesterday on the whole process of making a book, including the printing, binding, putting a cover on and the dust cover, but it started with a Word file. Incidentally, I have never used Word (except to read and comment on an early version of my son’s book), so I am not advocating its use, only noting that it is used.

What would I use today? Once past the Marcel Proust handwritten notebooks stage, a combination of Vim and/or Spacemacs, but that’s because I am reasonably handy with those powerful text editors. But I have not tried Word or Wordperfect in over 30 years, so I do not know what features they offer now; if someone were to convince me that Word is the superior tool nowadays, I’m not married to any one program.

If the publisher wants a Word file (or TeX file), it is easy enough to turn text into either one of those; in fact TeX/LaTeX/ConTeXt files are plain text; [one type of] Word files are more like XML.

Word is still pretty standard. Why wouldn’t it be? I know a decent number of published writers (not talking vanity press, but publishers like Simon & Schuster, Hachette Books, etc) and they mostly have used Word. I can’t imagine anybody but a technical writer or someone with a technical background using vim/emacs or anything like that to write a book. They use what they grew up with: Word. If you grew up with vim/emacs – great. Use that. But 99% of people didn’t. These days, Google docs is probably being used a good bit, too.

It’s a rather odd aside to make: “BTW who writes entire books using Word?” Well, almost everyone.

My wife just finished a cookbook for Random House, all done in Word.

OK, I will say: I will use the program I know how to use efficiently. Word hasn’t been around forever, but if that is what is taught in schools now [do they get a kickback from Microsoft?] and what everyone grows up with, then I can believe almost everyone uses it—ignorance fought on my end.

ETA what I use to write the book is pen and ink; all the rest of the process is typing in the book (I mean from my perspective, obviously you could type it from the start, but I find it useful to be forced to revisit things).

ETA2 I did not grow up with vim/emacs! I actually tried half a dozen editors and found those suitable. Am always willing to try something else if it’s better.

I know a number of authors who use Scrivener. I’ve tried, more than once, it just doesn’t work for me. I would like to find something that is better than Word for longer form works, however. It definitely gets clunky.

No, it’s just that’s what the market uses. I’m 46, and it’s pretty much always been Word, except in the legal profession, where I got to use Word Perfect. But working for any company otherwise, they generally asked you for your proficiency in the Microsoft Office suite. When I had to temp, the temp test was only on Microsoft Office products. That’s just the standard, like it or not. And if you’re going to teach a specific software to students, yes, it would make sense to teach that one.

ETA: Ah, yes, Scrivener would be the other popular one, though most of the folks I know still use Word. I missed that mentioned before. I cannot imagine the average author trying to write a novel in something like vim.

I’m finishing a book in Word. Started it in Scrivener; not intuitive or easy.

Can we please end this hijack, in case there’s anyone else who would like to reply to the OP?

Thanks, BTW, for all the relevant replies so far. I’m considering reserving Administrator rights for myself, but I’m concerned about what I might not be able to do remotely if I do so. @Joey_P, can you share more of your experience on this point? I have to admit that I don’t have a lot of experience managing the Users features of Windows, since I’ve always been the only user of my own machines.

Also, I’m kind of hoping Dad will have learned his lesson and not let anyone pull this kind of stunt again.

There’s a number of people here who know more than I do on the subject. However, my reason for saying that is that I believe (but I’m not 100% sure) that any time you see one of those UAC boxes pop up, you won’t be able to hit OK/Yes/Continue from a remote computer. Meaning if you need to do something remotely that you can imagine might cause that to pop up, either he’ll need to be there to hit OK or you’ll have to tell Windows to either allow a remote computer to push past those or just not pop them up in the first place.

Plus, if he’s not logged in as the admin, the admin password will (may?) need to be typed in as well. I don’t know if that can be typed in remotely.

My fear would be that you’ll have to lower the security so much to work on it remotely, it’ll let others hack right in as well. OTOH, if you tell it to do all the updates (or at least security patches) automatically, how often do you really come up against those UAC boxes, especially once you’ve been using the computer for a while?

If you’re handy with this type of stuff you can set up a cheap/free VPN and then use some screen sharing or remote access software so you’ll at least appear, to his computer, on his local network.

If you replace his computer, maybe get him either a laptop or a PC with a small form factor. That way if he borks it again, he can ship it back to you and you can ship it back to him after you fix it.

The UAC stuff should be enabled anyway, independent of any remote administration you may have in mind. There is no need to run applications with Administrator privileges all the time. That is for things like installing device drivers, not the text-file editing and web browsing you were describing.

If you are concerned about your father clicking on “click me” windows, that is something to discuss with him…

As for buying a new machine, what would be the point, unless the hardware is worn out? Windows can be disinfected, as discussed, or wiped off and replaced.